Hello ,

Just want to check do we need to enable Application blade in R80.10  to use this feature for adding rules base allowing FQDN object?

dont think so , but you will need to check the checkbox "FQDN" on the domain object and the FW must be R80.10+

otherwise the GW will use the "OLD" mechanism 

Nope, you don't need to do that. It works straight out of the box

Kaspars Zibarts escreveu:

No it won't as DNS queries are executed in the background and cached every 30 seconds.

Do you know where to look for these DNS entries?

I had a look in some tables through fw tab -t but didnt found what im looking for.

Thanks in advance.

Actually no I haven't had time to dig into it  

Thks Kaspars,

Just for the sharing purpose:

I found it in a sk90401...

How can the cache be viewed for troubleshooting?

There are 2 kernel tables. Run:

• fw tab -t dns_reverse_cache_tbl -u
• fw tab -t dns_reverse_unmatched_cache -u

... but the mentioned tables are not present... (table xxx not loaded: Invalid argument)

fw tab -s | grep dns_reverse dont show any also.

Coming back to this.
the sk mentioned has a bit of a confusing layout.

however I now believe that all text after the line: Changes in Domain Objects since R80.10

is only applicable to r80.10 and above.
so the tables you list exist only in r80.10( I verified this by running the commands on:

r77.30, r80.10 and r80.20 devices.

on 80.10 and 80.20 an output is given. even if the table is empty( jsut the headers then)

on r77.30 you get the default reply for a non-existing table.

question is: I found some info explaining that pre r80.10. the firewall was also capable of caching the dns lookups.
however it's not in the above mentioned tables. then where can we query this?

as I have someone who has the same question:
we use domain objects in r77.30, are aware of the impact/risks. but wan't to see the cached info.

upgrade to r80.x is planned but in the meantime where can we find this info.

Dameon Welch-Abernathy‌ could you check internally if this is publicly available info where FQDN objects are cached (tables?) and how to fetch it? Thanks!

It's not documented in SK anywhere, but I believe the table is called domain_cache.

Yeah, i was searching for different options like "name, dns, ns, chache" but nothing really seems to fit. For example I know we use it extensively on this VS but suggested table is zero in size

[Expert@vsx:6]# fw tab -s -t domain_cache
HOST NAME ID #VALS #PEAK #SLINKS
localhost domain_cache 8190 0 0 0

This name was suggested by various CFG and TAC SRs, which leads me to believe it is correct.

Ok, had to do a bit of reverse engineering. Played with VSX VS0 and CMA that manages it and had zero domain objects.

What it looks like the table name is dns_reverse_domains_tbl as it was empty before I started:

then I added abc.com as a domain object and these 3 entries were populated in the table, but I haven't managed to crack it yet as IP in HEX would be c7 b5 84 fa

Once domain object was removed, table was empty again.

Found the other table dns_reverse_cache_tbl with IP, still have no full logic explanation though

IP in red

UID for domain object  "0b498363-b2d3-44bd-862e-354cd7a48aa9"

Hi Kaspars,

How can we clear the dns cache table? 

i was doing some test with domain object and want to clear the cache table.

Thanks

you may try at your own risk  the usual table purge option: -x at the end:

fw tab -t dns_reverse_cache_tbl -x

Adam Forester‌ what would be command on r80.20?

Since printing is done via 

"fw ctl multik print_bl dns_reverse_cache_tbl"

Adam Forester‌ is there easy way to match object UID to cached entry?

I wrote a script that would do it but reverse wasn't always working since I only had IP and it was a bit wonky... I'm going to ask my contacts internally to see what I can find.